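---
# Helm values for the oauth2-proxy subchart: an OIDC login front end served
# at oauth.durp.info that authenticates users against Keycloak.
oauth2-proxy:
  config:
    # Credentials are read from a pre-created Secret instead of being written
    # into this values file.
    # NOTE(review): presumably the Secret holds the client id, client secret
    # and cookie secret under the key names the chart expects - confirm.
    existingSecret: oauth-credentials

    # Disabled: flag-style settings kept for reference; the live equivalents
    # are under extraArgs below.
    # configFile: |-
    #   --provider=keycloak-oidc
    #   --redirect-url=https://oauth.durp.info/oauth2/callback
    #   --oidc-issuer-url=https://keycloak.durp.info/realms/master
    #   --allowed-role=   // Optional, required realm role
    #   --allowed-role=:  // Optional, required client role

    # Disabled: explicit oauth2-proxy config file.
    # NOTE(review): with this commented out, presumably the chart's default
    # configFile applies - confirm what it sets for email_domains and cookies.
    # configFile: |-
    #   email_domains = [ "*" ]
    #   upstreams = [ "file:///dev/null" ]
    #   pass_authorization_header = true
    #   pass_access_token = true
    #   pass_user_headers = true
    #   set_authorization_header = true
    #   set_xauthrequest = true
    #   request_logging=true
    #   cookie_secure=true
    #   scope = "openid profile email"
    #   cookie_refresh = "1m"
    #   cookie_expire = "30m"

  image:
    repository: "quay.io/oauth2-proxy/oauth2-proxy"
    # NOTE(review): no tag or digest is set here, so the chart's default tag
    # is used and "Always" re-pulls it on every pod start. Pinning a tag or
    # digest makes the running image reproducible and auditable.
    pullPolicy: "Always"

  # Each entry is passed to oauth2-proxy as a --key=value command-line flag.
  extraArgs:
    provider: keycloak-oidc
    # NOTE(review): the trailing slash differs from the disabled reference
    # above (/oauth2/callback). The value has to match the redirect URI
    # registered on the Keycloak client - confirm which form is intended.
    redirect-url: https://oauth.durp.info/oauth2/callback/
    # NOTE(review): this is Keycloak's built-in "master" realm, which normally
    # holds the admin accounts; a dedicated realm for application logins keeps
    # the admin realm isolated.
    oidc-issuer-url: https://keycloak.durp.info/realms/master
    # Restricts where the proxy may send the browser after login. As written
    # only the exact host durp.info matches; oauth2-proxy needs a leading dot
    # (.durp.info) to cover subdomains.
    whitelist-domain: durp.info
    # An OIDC authorization request must include the "openid" scope; "groups"
    # alone leaves the request outside the spec. "groups" is kept so the
    # group claim is still requested.
    scope: "openid groups"
    # NOTE(review): no allowed-role, allowed-group or email-domain flag is set
    # here, so access appears to depend on a successful Keycloak login alone -
    # confirm that is intended.

  serviceAccount:
    enabled: true
    # null leaves the name to the chart.
    name: null
    annotations: {}

  ingress:
    enabled: true
    path: /
    pathType: Prefix
    hosts:
      - oauth.durp.info
    annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
      # The certificate stored in oauth-tls is requested from this issuer.
      cert-manager.io/cluster-issuer: letsencrypt-production
    tls:
      - secretName: oauth-tls
        hosts:
          - oauth.durp.info

  resources:
    limits:
      memory: 300Mi
    requests:
      cpu: 100m
      memory: 300Mi

  livenessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 1

  readinessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1

  replicaCount: 1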